[Brian_K_White]

The fact that other things like the carrier are bad, does not somehow make any other thing like graphene good. (not that it's bad exactly just that there is a problem, which is not no problem, even if it's a problem you personally have just decided to be ok with)

Someone else said that the head guy isn't the head guy any more so the biggest problem may not be a problem any more. The idea, stated ideal, design, & construction (as far as one can tell honestly) of the os are all fine.

But the point was, you don't need any more reason than his behavior to avoid granting him such a priviledged place in your phone, which holds such a priviledged place in your life. Just on basic principle. You don't need to justify that to anyone and he or the project does need to justify why one should trust them. The usual justification is merely the utterly flimsy weak one of benefit of the doubt. It's more or less impractical to actually vet strangers, and so you just grant benefit of the doubt until there is some reason to question. But that goes out the window the instant there IS any reason to question.

People have different tolerance for risk, and so, you might be fine with saying "that guy is acting a little weird in this way, but whatever, probably he can still be counted on in this other way.", but no one else is obligated to. And this example of "weird" was not just neutral irrelevant non-conformity.

There have been countless examples of people in positions of responsibility and trust going off the rails and taking a bunch of users down with them. There is no reason not to use your nose for what it's meant for in this way.

But like I said, maybe the problem is resolved now by the fact that we don't actually have to trust that guy any more. In which case, ok.

[smeej]

Last I checked, GrapheneOS is open source.

Don't trust. Verify.

[Brian_K_White]

Why? There are other equally open source os's I can just run instead, that don't require me to excuse or verify anything?

Even if there were something special about graphene that made it more desirable, the real way to deal with an open source project with something unacceptable about it's production or management, is to fork it. But I already have something else to do all day, and am happy to run lineage or calyx or or others. If I did need a fork, I'd need someone else to do it, and I'd have to trust them.

Fork it or help someone else who is forking it or work towards changing the original (which is what seems to have happened actually, so this is all a bit academic now), or just use anything else, are all more reasonable responses than "the people producing this thing with access to all my communications have shown themselves to be off the rails, so what I'll do is keep using it, but personally read all the code in an entire android os."

[smeej]

The point is, you don't have to trust Micay about a darn thing. The code is open. That's the whole point. Dismissing open source software because you don't trust the developer is absurd.

[Brian_K_White]

Saying that you don't have to trust anyone because the code is open is absurd.

[smeej]

If Micay says, "The code does X," anyone who can read it can review it and say, "No it doesn't. It does Y." It's right there. You don't have to trust him. He's shown it to you.

[Brian_K_White]

It doesn't matter what the code actually is, or that you can see it, you still have to trust people because there is simply too much of it, even if you happen to be a coder, which 99% of people should not be required to be. This is a FUCKING MORONIC thing to have to spell out, but I guess here we are.